From 7672e62d4107057dd191a8bed04b3d0c23f9686d Mon Sep 17 00:00:00 2001 From: thespad Date: Tue, 17 Dec 2024 17:09:15 +0000 Subject: [PATCH] Add no-new-privs note --- docs/misc/non-root.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/misc/non-root.md b/docs/misc/non-root.md index 0611d0c88d..3f9136e1ee 100644 --- a/docs/misc/non-root.md +++ b/docs/misc/non-root.md @@ -35,6 +35,7 @@ Our images use s6 as a supervisor and that needs to be able to write its service * Docker Mods will not be run * Custom Services will not be run * Custom Scripts will be limited in their functionality +* You cannot set `no-new-privileges=true` as it will prevent s6 from being able to start the init process For all of these reasons, we recommend you *do not* switch existing container instances to run with a non-root user without careful testing.